udacftacl

read: ((group=sysrap OR group=soft4soft) AND
45661244<MSN<45661412) OR count<1;
modify: user=yuji OR user=hata OR
IC#card=1afd234fe4def458c3bac78497bbda6f;
print: group=sysrap;
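The ACL sample above, parsed and evaluated, as an added example that is not part of the patent text: a small recursive-descent evaluator for its AND/OR condition syntax. The grammar, the precedence of AND over OR, the attribute dictionary and the deny-by-default handling of missing attributes are assumptions made for illustration; the sample is used with its OCR errors corrected.

```python
import re

# ACL sample from this page with OCR errors corrected ("group", "count<1", "1afd...").
PAGE_ACL = """
read: ((group=sysrap OR group=soft4soft) AND
       45661244<MSN<45661412) OR count<1;
modify: user=yuji OR user=hata OR
        IC#card=1afd234fe4def458c3bac78497bbda6f;
print: group=sysrap;
"""

RESERVED = {"(", ")", "=", "<", "AND", "OR"}


def tokenize(body):
    """Split a rule body into tokens; any character outside the syntax is an error."""
    tokens = re.findall(r"[()=<]|[A-Za-z0-9_#.-]+", body)
    if "".join(tokens) != "".join(body.split()):
        raise ValueError("unexpected character in ACL rule")
    return tokens


class Parser:
    """Recursive descent over: expr := term (OR term)*, term := factor (AND factor)*."""

    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self, expected=None, word=False):
        tok = self.peek()
        bad_word = word and tok in RESERVED
        if tok is None or bad_word or (expected and tok != expected):
            raise ValueError(f"unexpected token {tok!r}")
        self.i += 1
        return tok

    def chain(self, op, sub):  # sub (op sub)*
        node = sub()
        while self.peek() == op:
            self.take()
            node = (op, node, sub())
        return node

    def expr(self):  # AND binds tighter than OR (assumed precedence)
        return self.chain("OR", lambda: self.chain("AND", self.factor))

    def factor(self):  # "(" expr ")" | name=value | low<name<high | name<limit
        if self.peek() == "(":
            self.take()
            node = self.expr()
            self.take(")")
            return node
        first, op = self.take(word=True), self.take()
        if op == "=":
            return ("EQ", first, self.take(word=True))
        if op != "<":
            raise ValueError(f"expected '=' or '<' after {first!r}")
        if first.isdigit():
            name = self.take(word=True)
            self.take("<")
            return ("RANGE", name, int(first), int(self.take(word=True)))
        return ("LT", first, int(self.take(word=True)))


def parse_acl(text):
    """Return {action: condition tree} for 'action: expr;' rules."""
    rules = {}
    for chunk in filter(str.strip, text.split(";")):
        action, _, body = chunk.partition(":")
        parser = Parser(tokenize(body))
        rules[action.strip()] = parser.expr()
        if parser.peek() is not None:
            raise ValueError(f"trailing tokens in rule {action.strip()!r}")
    return rules


def holds(node, ctx):
    """Evaluate a condition tree; a missing or mistyped attribute never satisfies it."""
    kind = node[0]
    if kind in ("OR", "AND"):
        left, right = holds(node[1], ctx), holds(node[2], ctx)
        return (left or right) if kind == "OR" else (left and right)
    value = ctx.get(node[1])
    if kind == "EQ":
        values = value if isinstance(value, (set, list, tuple)) else [value]
        return node[2] in {str(v) for v in values if v is not None}
    if isinstance(value, bool) or not isinstance(value, int):
        return False
    return node[2] < value < node[3] if kind == "RANGE" else value < node[2]


def is_permitted(rules, action, ctx):
    """Deny by default: unknown actions and unmet conditions both return False."""
    return action in rules and holds(rules[action], ctx)
```

The range condition is strict on both ends, so an MSN equal to either bound does not satisfy `read`.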
[Figure 3, labels only: Account Condition Value and Usage State pairs: maxCount / count; maxLength / totalLen; maxTimeLen / totalTime; maxDebt / debt]

[Figure, labels only: physical element (PCSUE) ID classes (PCSUE-ID Class): PSN; DSN; MSN; certificates; bodyParts; timePeriod; MACAddress; location; user-ID WithPwd; group]



* NOTICES *

Japan Patent Office is not responsible for any
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect 
the original precisely. 

2. **** shows the word which can not be translated. 
3. In the drawings, any words are not translated.

CLAIMS 
[Claim(s)] 

[Claim 1] In the contents use control system which performs use control of these 
contents offered by the information offer authority person including those who were 
permitted by the information implementer and this information implementer who are 
an implementer of contents A user means by which a user uses said contents, Further 
two or more partial use authorization conditions of receiving said contents based on 
the identification information about the physical element of the user means containing 
the media used within said user means concerned, and the identification information 
about said user with the combination of an OR and an AND The contents use control 
system characterized by having a setting means to set up as use authorization 
conditions which carried out the structuring expression, and the use control means 
which controls use of said contents by said user means based on the use 
authorization conditions set up by said setting means. 

[Claim 2] The partial use authorization conditions which said setting means sets up 
are a contents use control system according to claim 1 characterized by including the 
accounting conditions which are conditions over the category which changes 
according to said user means and said user's use situation.

[Claim 3] Said use control means receives the contents use demand from said user 
means. It has a generation means to generate the consent information enciphered by 
the identification information about two or more physical elements of the user means 
containing the media which use said use authorization conditions and the decode key 
of said contents within said user means concerned. Said user means decodes said 
consent information sent according to said contents use demand based on the 
identification information of the physical element by the user means concerned. The 
contents use control system according to claim 1 or 2 characterized by using the 
decode key of said contents and decoding said enciphered contents when satisfying 
said use authorization conditions.

[Claim 4] Said generation means is a contents use control system according to claim 
3 characterized by multiplexing encryption by the identification information of the
physical element corresponding to the partial use authorization conditions concerned, 
and performing it when between the partial use authorization conditions within said 
use authorization condition is described by the AND. 

[Claim 5] Said physical element is the contents use control system of any one 
publication of claim 1-4 characterized by including the physical element included by 
other physical elements. 

[Claim 6] The contents use control system of any one publication of claim 1-5 
characterized by having further the contents server which holds the contents 
enciphered with said information offer authority person means, receives the contents 
distribution request from said user means, and sends said enciphered contents to the 
user means concerned on an open network. 

[Claim 7] In the contents use control system which performs use control of these 
contents offered by the information offer authority person including those who were 
permitted by the information implementer and this information implementer who are 
an implementer of contents The user means which decodes the contents which used 
the decode key of said contents and were enciphered when satisfying the use 
authorization conditions which decoded the consent demand which performs the use 
demand of contents and is sent according to the contents use demand concerned 
based on the identification information of the physical element of the means 
concerned, and were acquired. Further two or more partial use authorization 
conditions of receiving said contents based on the identification information about the 
physical element of the user means containing the media used within said user means 
concerned, and the identification information about said user with the combination of 
an OR and an AND A setting means to set up beforehand the use authorization 
conditions which carried out the structuring expression, and a condition storing means 
to store the use authorization conditions set up by said setting means, An extract 
means to receive the use demand of the contents from a maintenance means to hold 
the decode key of said contents, and said user means, and to extract the use 
authorization conditions corresponding to the user means concerned, and the decode 
key of said contents. The contents use control system characterized by having a 
generation means to generate the consent information which enciphered said use 
authorization conditions and the decode key of said contents based on the 
identification information of the physical element sent from said user means, and to 
send out to the user means concerned.

[Claim 8] In the contents use equipment with which it connects with a network and a 
user uses contents A demand means to transmit the identification information about
the physical element of the contents use equipment concerned, and the identification 
information about a user to the contents management equipment which manages 
contents according to the use demand of contents, A means to decode based on the 
identification information about the physical element of the contents use equipment 
concerned, and to ask for use authorization conditions and the decode key of 
contents from the consent information transmitted by contents management 
equipment corresponding to the use demand of said contents, Contents use 
equipment characterized by having the means which uses said decode key for which it 
asked, and decodes contents when said use authorization conditions searched for are 
judged and a permission is granted. 

[Claim 9] It is the record medium which stored the program performed by computer of 
the contents use equipment with which it connects with a network and a user uses 
contents and in which computer reading is possible. The demand process which 
transmits the identification information about the physical element of the contents 
use equipment concerned, and the identification information about a user to the 
contents management equipment which manages contents according to the use 
demand of contents, The process which decodes based on the identification 
information about the physical element of the contents use equipment concerned, and 
asks for use authorization conditions and the decode key of contents from the 
consent information transmitted by contents management equipment corresponding 
to the use demand of said contents, The record medium which recorded the program 
for operating the means which uses said decode key for which it asked, and decodes 
contents when said use authorization conditions searched for are judged and a 
permission is granted and in which computer reading is possible. 

[Claim 10] A user corresponds to the use demand of said contents in the contents 
use equipment using contents. A means to decode based on the identification 
information about the physical element of the contents use equipment concerned, and 
to ask for use authorization conditions and the decode key of contents from the 
consent information on contents, Contents use equipment characterized by having 
the means which uses said decode key for which it asked, and decodes contents when 
said use authorization conditions searched for are judged and a permission is granted. 
[Claim 11] Are the record medium which stored the program which a user performs by 
computer of the contents use equipment using contents and in which computer 
reading is possible, and it corresponds to the use demand of said contents. The
process which decodes based on the identification information about the physical 
clement of the contents use- ftnuinment concerned, and asks for use authorization 
conditions and the decode key of contents from the consent information on contents. 
The record medium which recorded the program for operating the process which uses 
said decode key for which it asked, and decodes contents when said use authorization 
conditions searched for are judged and a permission is granted and in which computer 
reading is possible. 
[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to a contents use control system with 
which information offer authority persons, such as a copyright person, control use of 
the contents offered through an open network, to contents use equipment and its usage, 
and to a record medium in which computer reading is possible and which recorded a 
program that makes a computer perform them. 

[0002] The role of money is to provide people with fair remuneration through the 
property of the physical matter called money. For an object called money, the 
indispensable requirements were that it be not a mere verbal agreement or shared 
concept but exist physically, be portable, and furthermore be difficult to forge for 
anyone other than the publishing agency. Because it existed physically and was 
portable, its value could be checked impartially by its users, and the fair money issuer 
was able to control the opportunity of that fair check through the difficulty of 
counterfeiting. However, the day is near when the difficulty of forging money will 
collapse through the development of technology in recent years. A new value check 
object to replace money is needed. This object too must first exist physically, must be 
portable, and must be difficult to forge. Furthermore, the object carries out the access 
control of the publishing agency. 

[0003] In addition to the demand from this security strengthening side, the demand for 
implementation of a "superdistribution" is also increasing from the side of 
diversification of the distribution of information, larger capacity, and improvement 
in speed. The environment which realizes this "superdistribution" satisfies the 
following conditions: (1) an information user can obtain digital information almost for 
free; (2) an information provider can specify the conditions (accounting, alteration use 
conditions, etc.) under which use of that information is permitted, and the conditions to 
which the user has agreed can be enforced; and (3) in using this service, the additional 
operation required of an information user is only about the extent of a "check of access 
condition". 
[0004] A system which can perform the access control of such a superdistribution 
accurately and safely can also be expected to contribute to correcting unfairness in 
royalty collection, such as a charge of a license. In the present system a provider of a 
work cannot gain profits unless it can sell a certain number, and it is desired to be able 
to build a system so that the royalty reaches a copyright person's hand correctly. 
Moreover, the remuneration corresponding to each service charge is wanted to be 
distributed impartially, from an expert artist down to the designer who offers creations 
as components. 
[0005] 

[Description of the Prior Art] When access to contents, such as a work, was 
conventionally controlled on a distributed-system environment, especially an open 
network, use of contents was controlled by storing contents in the server which can be 
accessed from the user of contents, and controlling access to this server. Here, contents 
are digital contents with the structure recordable on a single store medium as a set of a 
bit string, and a document text, an image, an animation, program software, etc. are 
included. 

[0006] For example, drawing 17 is drawing showing the conventional access-control 
model. In drawing 17 , contents 204 can be operated by a user 205 through the 
access-control function 203. Moreover, for example, the copyright person 200 merely 
registers contents 204 with a server where they are kept under the access-control 
function 203, and the access-control actuation to the access-control function 203 was 
made by persons other than the copyright person 200, for example, the manager who 
manages this server. 

[0007] That is, as shown in drawing 18 , the server system 212 which holds contents is 
managed by the server employment person system 211, whose management and 
employment are done by the manager 201. The server employment person system 211 
performs copyright person and user registration to the server system 212, performs 
directory generation for it, and further permits access control by the copyright person. 
The copyright person system 210 makes the contents of a 
copyright person's work save in the server system 212, and sets up access-control 
conditions (ACL) to the server system 212. In this case, a copyright person has to get 
authorization of an access control to the server system 212. On the other hand, the user 
system 213 acquires the contents saved in the server system 212, when performing a 
contents Request to Send to the server system 212 and satisfying ACL on the occasion of 
use of contents. 

[0008] However, all authority is granted to the user of contents, and if the user changes 
through migration or copying (duplication), the authority of the original copyright 
person does not extend at all to the contents at the migration or copy destination. 
Moreover, between the server manager who saves a contents object and the copyright 
person, the state of enforcement of access consent for the object is not clear either; for 
example, it was taken as natural that a server manager could change an access 
privilege without asking the copyright person. 

[0009] On the other hand, the distributed system environment has been promoted in 
recent years by low-pricing of storage etc., so that, without network traffic 
concentrating, the contents can be cached on two or more servers and distributed, and 
access to a contents object can be performed at high speed. Therefore, although the 
access-control model as shown in drawing 17 only had to build a firm access-control 
function at the entry to the contents actuation by the user 205, under the distributed 
system environment mentioned above it became necessary to perform access control or 
security protection in all directions. 

[0010] Then, the access-control model as shown in drawing 19 was able to be considered. 
In this access-control model, the whole is separated into the copyright person protected 
area, which is a field the copyright person 200 can protect, the open field, which receives 
attack from all the outside, and the secrecy protected area, in which protection against 
alteration of hard/software and digital data duplicate prevention processing are 
performed by the conventional security technique. A secrecy protected area is protected by 
the omnidirection access-control function 221, and contents 222 are saved in this 
access-control function 221. 

[0011] The copyright person 200 is also enabling access-control actuation to the 
access-control function 221 with registration of contents 222 to these contents. A user 
205 will acquire contents 222 from an open field through the access-control function 221. 
In addition, the field protection interface 220 is an interface which performs protection 
between a copyright person protected area and an open field. 

[0012] A concrete implementation of the access-control model under the 
distributed-system environment shown in this drawing 19 is indicated in the U.S. Pat. 
No. 5339433 official report, and the technique of checking a user's device and 
preventing unjust use of contents is indicated in JP,9-134311,A, the U.S. Pat. No. 
5392351 official report, the U.S. Pat. No. 5555304 official report, and the U.S. Pat. No. 
5796824 official report. Hereafter, the conventional contents use control system is 
explained with reference to these official reports. 

[0013] Drawing 20 is drawing showing the contents distribution model of the 
conventional contents use control system. In drawing 20 , it is equivalent to the secrecy 
protected area indicated to be a decode protected area and a playback protected area to 
drawing 18 , a decode protected area is a field of protection of an alteration of 
hard/software, and duplicate prevention protection of output data, and a playback 
protected area is a field of duplicate prevention of digital decode data. The use 
environmental specification physical elements (PCSUE) 235-1 - 235-N are physical 
elements which specify the use environment of contents, and, specifically, are CPU, a 
peripheral device, a removable storage, an IC card, etc. 

[0014] In a decode protected area, the contents 234, which are duplicates of the 
contents 233 enciphered by the copyright person 200 and exist in the server of an open 
field, are decoded based on the certificates 236-1 - 236-N of the physical element IDs 
corresponding to PCSUE 235-1 - 235-N, and these decoded contents are used by a user 
through a playback protected area. Therefore, contents are enciphered by the key 
corresponding to a physical element ID (contents 233), and in order to decode the 
contents 234 corresponding to these contents 233, each physical element ID or the 
secret key corresponding to it is needed. 

[0015] Here, the contents distribution models include the license coincidence model, 
which distributes the license used in order to decode the enciphered contents 
simultaneously with the enciphered contents, and the contents cache possible mold 
model, in which the enciphered contents are saved into the cache of a server and the 
license is acquired at another timing. Drawing 21 is drawing showing this contents 
cache possible mold model. 

[0016] In drawing 21 , first, in a copyright person protected area, an author 200 
generates contents and enciphers these contents, and after that they are reproduced 
and cached on the server of an open field etc. On the other hand, the certificates 241-1 - 
241-N, which enciphered the physical element IDs of PCSUE 235-1 - 235-N, are 
outputted to a copyright person protected area in the condition of having been 
enciphered, and a secret key Kp is taken out from the user physics object class 
corresponding to PCSUE 235-1 - 235-N. With this secret key Kp, the certificates 241-1 - 
241-N are decoded into physical element IDs 243-1 - 243-N, and with these physical 
element IDs 243-1 - 243-N the contents decode key Kc is enciphered and outputted to a 
security field. 

[0017] In a security field, the enciphered contents decode key Kc is decoded by the 
physical element ID 242-1 - 242-N, and the contents decode key Kc is obtained. The 
enciphered contents 234 which are acquired from an open field using this contents 
decode key Kc are decoded, and a user 205 is made to use as contents 244. 
[0018] Drawing 22 is the block diagram showing the outline configuration of the 
contents use control system corresponding to the contents cache possible mold model 
shown in drawing 21 . In drawing 22 , the copyright person system 250 exists in a 
copyright person protected area, the contents server 251 exists in an open field, and a 
license server 252 and the user system 253 exist in a secrecy protected area. The 
copyright person system 250 enciphers the created contents, and saves these enciphered 
secrecy contents at the contents server 251. 

[0019] Moreover, the contents decode key Kc is transmitted to a license server 252, and 
the transfer of the right of an access control is performed to a license server 252. 
Furthermore, an access control list (ACL) setup is performed. When the use demand 
which shows that contents are used is transmitted to a license server 252 and the 
certification group of a physical element ID is not attached at this time, by the physical 
element criteria specification of a license server 252, the user system 253 acquires the 
certification group of a physical element ID, and sends it out to a license server 252. 
[0020] A license server 252 acquires the secret key Kp of a user's physical object class, as 
shown in drawing 21 , and the contents decode key Kc enciphered with the physical 
element ID which decoded and decoded the physical element ID certification group is 
sent out to the user system 253 as license L. If the physical element ID of the user 
system 253 is in agreement, decode is performed by this and secrecy contents can be 
decoded by it using this decoded contents decode key Kc. 

[0021] In addition, since secret contents are saved at the contents server 251, the user 
system 253 needs to perform a secret contents distribution request to the contents 
server 251 separately, and needs to receive distribution of secret contents from the 
contents server 251. 

[0022] On the other hand, drawing 23 is an outline configuration block diagram of the 
contents use control system which realizes a contents coincidence distribution mold 
model. In drawing 23 , the contents server 251 does not exist, and secret contents are 
sent to the user system 253 simultaneously with license transmission. Since secret 
contents are 
beforehand carried to the server near the user system 253 in time when acquiring secret 
contents through the contents server 251 as shown in drawing 22 , the user system 253 
should just carry out a use demand, when contents are required. 

[0023] Moreover, suitable selection of the distribution channel of contents is attained as 
compared with a contents coincidence distribution mold model, and compaction of the 
response time can be expected on the occasion of contents acquisition for a user. 
Moreover, it is possible to distribute contents beforehand with the cache by the ROM 
medium base, broadcast, and the Proxy server etc. apart from offer of a license in a 
contents cache possible mold model, and there are many advantages. 
[0024] 

[Problem(s) to be Solved by the Invention] However, in the conventional contents use 
control system mentioned above, although secrecy contents can fundamentally be 
decoded and used by equipment which is in agreement with the physical element ID 
proper to a user system, the license (use authorization conditions) is generated from 
this physical element ID. Therefore, for example, the conditions which restrict the count 
of read-out of the contents determined with a copyright person's intention could not be 
added, a time limit could not be prepared, and accounting conditions could not be set 
up, and there was a trouble that flexible contents use control could not be performed. 

[0025] Moreover, a use environmental specification physical element does not always 
have a simple composition. When it is a device with a complicated configuration, a 
specific device or specific components within it may be unjust, and in such a case, even 
if use authorization conditions are generated with only the use environmental 
specification physical element which is the device of the big configuration, there was a 
trouble that the injustice is overlooked and security falls. 
[0026] This invention was made in view of the above, and aims at offering a contents use 
control system with which an information offer authority person, including those who 
were permitted by information implementers such as a copyright person, can perform 
contents use control flexibly and which can prevent the unjust use of contents with high 
precision, contents use equipment and its usage, and a record medium in which 
computer reading is possible and which recorded the program that makes a computer 
perform them. 
[0027] 

[Means for Solving the Problem] In order to attain the above-mentioned purpose, 
invention concerning claim 1 is a contents use control system which performs use 
control of contents offered by an information offer authority person, including the 
information implementer who is an implementer of the contents and those who were 
permitted by this information implementer. It is characterized by having a user means 
by which a user uses said contents (50 of drawing 1 ), a setting means (23 of drawing 1 ) 
to set up, as use authorization conditions given a structured expression, two or more 
partial use authorization conditions for said contents, combined with an OR and an 
AND, based on the identification information about the physical element of the user 
means containing the media used within said user means concerned, and the 
identification information about said user, and the use control means (40 of drawing 1 ) 
which controls use of said contents by said user means based on the use authorization 
conditions set up by said setting means. 
[0028] According to invention concerning this claim 1, a setting means sets up, as use 
authorization conditions given a structured expression, two or more partial use 
authorization conditions for said contents, combined with an OR and an AND, based on 
the identification information about the physical element of the user means containing 
the media used within said user means concerned, and the identification information 
about said user. Said use control means controls use of said contents by said user means 
based on the use authorization conditions set up by said setting means, and flexible use 
control based on use authorization conditions is enabled. 

[0029] Moreover, the partial use authorization conditions that said setting means sets 
up invention concerning claim 2 in a contents use control system according to claim 1 
are characterized by including the accounting conditions (equivalent to the accounting 
condition value of drawing 3 ) which are conditions over the category which changes 
according to said user means and said user's use situation. 

[0030] According to invention concerning this claim 2, the partial use authorization 
conditions which a setting means sets up are made to include the accounting conditions 
which are conditions over the category which changes according to said user means and 
said user's use situation, and use control over a user can be performed still more finely. 
[0031] Invention concerning claim 3 is set to a contents use control system according to 
claim 1 or 2. Moreover, said use control means (40 of drawing 1 ) The contents use 
demand (S18 of drawing 1 ) from said user means (50 of drawing 1 ) is received. It has a 
generation means (41 of drawing 1 ) to generate the consent information enciphered by 
the identification information about two or more physical elements of the user means 
containing the media which use said use authorization conditions and the decode key of 
said contents within said user means concerned. Said user means decodes said consent 
information sent according to said contents use demand based on the identification 
information of the physical element by the user means concerned. When satisfying said 
use authorization conditions, it is characterized by using the decode key of said contents 
and decoding said enciphered contents. 

[0032] According to invention concerning this claim 3, a generation means receives the 
contents use demand from said user means. The consent information enciphered by the 
identification information about two or more physical elements of the user means 
containing the media which use said use authorization conditions and the decode key of 
said contents within said user means concerned is generated. Said user means decodes 
said consent information sent according to said contents use demand based on the 
identification information of the physical element by the user means concerned, and 
when satisfying said use authorization conditions, the decode key of said contents is 
used for it, and it decodes said enciphered contents. 

[0033] Moreover, invention concerning claim 4 is characterized in that, in the contents 
use control system of claim 3, when the partial use authorization conditions within said 
use authorization condition are joined by the AND (equivalent to Equation 1 and 
Equation 2), said generation means (41 of drawing 1 ) multiplexes encryption by the 
identification information of the physical elements corresponding to the partial use 
authorization conditions concerned. 

[0034] According to invention concerning this claim 4, when the partial use 
authorization conditions within a use authorization condition are joined by the AND, 
encryption by the identification information of the physical elements corresponding to 
the partial use authorization conditions concerned can be multiplexed, and the danger 
of the theft of the contents decode key by attack success to some physical elements can 
be distributed. 
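
The consent information flow of paragraphs [0031] to [0034], as an added sketch that is not code from this publication: the use control side nests one encryption layer per physical element ID (the AND case), and the user side peels the layers with its own IDs, judges the structured AND/OR conditions, and only then releases the contents decode key Kc. The condition field names, the element ID strings, and the SHA-256/HMAC keystream cipher (a stand-in for a vetted authenticated cipher) are assumptions made for the example.

```python
import hashlib
import hmac
import json
import os

def _subkeys(element_id):
    """Derive separate encryption and MAC keys from one physical element ID."""
    root = hashlib.sha256(b"pe-id:" + element_id.encode()).digest()
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(element_id, data):
    """One layer bound to one physical element ID (encrypt-then-MAC stand-in)."""
    k_enc, k_mac = _subkeys(element_id)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(k_enc, nonce, len(data))))
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()

def unseal(element_id, blob):
    k_enc, k_mac = _subkeys(element_id)
    if len(blob) < 48:
        raise ValueError("consent information too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("physical element ID does not match this layer")
    return bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, nonce, len(ct))))

def make_consent(conditions, kc, element_ids):
    """Use control side: AND over elements = one nested layer per element ID."""
    blob = json.dumps({"cond": conditions, "kc": kc.hex()}).encode()
    for eid in element_ids:
        blob = seal(eid, blob)
    return blob

def permitted(cond, ctx):
    """Judge the structured AND/OR expression; unknown or missing data denies."""
    if "and" in cond:
        return all(permitted(c, ctx) for c in cond["and"])
    if "or" in cond:
        return any(permitted(c, ctx) for c in cond["or"])
    if "user" in cond:
        return ctx.get("user") == cond["user"]
    if "max_reads" in cond:
        return ctx.get("reads", float("inf")) < cond["max_reads"]
    if "not_after" in cond:
        return ctx.get("today", "9999-99-99") <= cond["not_after"]
    return False

def use_contents(consent, device_ids, ctx):
    """User side: peel every layer with the device's own IDs, then judge."""
    blob = consent
    try:
        for eid in reversed(device_ids):
            blob = unseal(eid, blob)
        lic = json.loads(blob)
        kc = bytes.fromhex(lic["kc"])
        cond = lic["cond"]
    except (ValueError, KeyError, TypeError):
        return None  # a wrong or missing element ID leaves Kc unrecoverable
    return kc if permitted(cond, ctx) else None

# Constructed sample values, not taken from the publication.
DEVICE = ["CPU-0001", "DISK-0002", "ICCARD-0003"]
KC = bytes(range(16))
COND = {"and": [{"user": "user-42"},
                {"or": [{"max_reads": 3}, {"not_after": "2030-12-31"}]}]}

if __name__ == "__main__":
    consent = make_consent(COND, KC, DEVICE)
    ctx = {"user": "user-42", "reads": 5, "today": "2029-01-01"}
    print("genuine device:", use_contents(consent, DEVICE, ctx))
    print("swapped disk:  ",
          use_contents(consent, ["CPU-0001", "DISK-9999", "ICCARD-0003"], ctx))
```

Because every layer must verify, knowing only some of the element IDs yields nothing, which is the distribution of risk that paragraph [0034] describes.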

[0035] Moreover, invention concerning claim 5 is characterized by said physical element 
containing the physical element (131 - 136 of drawing 9 ) included by other physical 
elements in a contents use control system according to claim 1 to 4. 

[0036] According to invention concerning this claim 5, even a physical element in an 
inclusion relation can be dealt with as one physical element, injustice in this one 
physical element is not allowed either, and the danger of the theft of a contents decode 
key can be distributed. 

[0037] Moreover, invention concerning claim 6 is characterized by having further the 
contents server (30 of drawing 1 ) which holds the contents enciphered with said 
information offer authority person means on the open network, receives the contents 
distribution request from said user means, and sends said enciphered contents to the 
user means concerned in a contents use control system according to claim 1 to 5. 
[0038] Since it has the contents server which holds the contents enciphered with said 
information offer authority person means, receives the contents distribution request 
from said user means, and sends said enciphered contents to the user means concerned 
on an open network according to invention concerning this claim 6, an open network can 
fully be utilized, the congestion of the traffic in the system concerned can be prevented, 
and contents can be gained quickly. 

[0039] Moreover, invention concerning claim 7 performs the use demand of contents in 
the contents use control system which performs use control of these contents offered by 
the information offer authority person including those who were permitted by the 
information implementer and this information implementer who are an implementer of 
contents. The user means which decodes the contents which used the decode key of said 
contents and were enciphered when satisfying the use authorization conditions which 
decoded the consent demand sent according to the contents use demand concerned 
based on the identification information of the physical element of the means concerned, 
and were acquired (50 of drawing 1 ), Further two or more partial use authorization 
conditions of receiving said contents based on the identification information about the 
physical element of the user means containing the media used within said user means 
concerned, and the identification information about said user with the combination of 
an OR and an AND, a setting means to set up beforehand the use authorization 
conditions which carried out the structuring expression (23 of drawing 1 ), a condition 
storing means to store the use authorization conditions set up by said setting means (43 
of drawing 1 ), a maintenance means (44 of drawing 1 ) to hold the decode key of said 
contents, an extract means (42 of drawing 1 ) to receive the use demand of the contents 
from said user means and to extract the use authorization conditions corresponding to 
the user means concerned and the decode key of said contents, and a generation means 
(41 of drawing 1 ) to generate the consent information which enciphered said use 
authorization conditions and the decode key of said contents based on the identification 
information of the physical element sent from said user means, and to send it out to the 
user means concerned. The invention is characterized by having these means. 

[0040] According to invention concerning this claim 7, a setting means Further two or 
more partial use authorization conditions of receiving said contents based on the 
identification information about the physical element of the user means containing the 
media used within a user means concerned, and the identification information about 
said user with the combination of an OR and an AND While setting up beforehand by 
storing in the condition storing means within said use control means the use 
authorization conditions which carried out the structuring expression, the decode key of 
said contents is held for a maintenance means. An extract means receives the use 
demand of the contents from said user means, extracts the use authorization conditions 
corresponding to the user means concerned, and the decode key of said contents, 
generates the consent information which enciphered said use authorization conditions 
and the decode key of said contents based on the identification information of the 
physical element sent from said user means, and sends it out to the user means 
concerned. A user means decodes said consent information sent according to said 
contents use demand based on the identification information of the physical element by 
the user means concerned, and when satisfying said use authorization conditions, the 
decode key of said contents is used for it, and it decodes said enciphered contents. 
[0041] Moreover, invention concerning claim 8 is set to the contents use equipment with 
which it connects with a network and a user uses contents. A demand means to transmit 
the identification information about the physical element of the contents use equipment 
concerned, and the identification information about a user to the contents management 
equipment which manages contents according to the use demand of contents (52 of 
drawing 1 ), From the consent information transmitted by contents management 
equipment corresponding to the use demand of said contents A means to decode based 
on the identification information about the physical element of the contents use 
equipment concerned, and to ask for use authorization conditions and the decode key of 
contents (58-1, 60-1, 62-1 of drawing 1 ), When said use authorization conditions 
searched for are judged and a permission is granted, it is characterized by having the 
means (51 of drawing 1 ) which uses said decode key for which it asked, and decodes 
contents. 

[0042] According to invention concerning this claim 8, a demand means accepts the use 
demand of contents. If the identification information about the physical element of the 
contents use equipment concerned and the identification information about a user are 
transmitted to the contents management equipment which manages contents then, 
from the consent information transmitted by contents management equipment 
corresponding to the use demand of said contents Protection reinforcement is made high, 
as it decodes based on the identification information about the physical element of the 
contents use equipment concerned, and it asks for use authorization conditions and the 
decode key of contents, and said decode key for which it asked is used and contents are 
decoded, when said use authorization conditions searched for are judged and a 
permission is granted. 

[0043] Moreover, invention concerning claim 9 is a record medium which stored the 
program performed by computer of the contents use equipment with which it connects 
with a network and a user uses contents and in which computer reading is possible. The 
demand process which transmits the identification information about the physical 
element of the contents use equipment concerned, and the identification information 
about a user to the contents management equipment which manages contents according 
to the use demand of contents (S501 of drawing 11 ), From the consent information 
transmitted by contents management equipment corresponding to the use demand of 
said contents The process which decodes based on the identification information about 
the physical element of the contents use equipment concerned, and asks for use 
authorization conditions and the decode key of contents (S600 and S601 of drawing 12 , 
S700, S701 of drawing 13 ), When said use authorization conditions searched for are 
judged and a permission is granted, it is the record medium which recorded the program 
for operating the process (S704 of drawing 13 ) which uses said decode key for which it 
asked, and decodes contents and in which computer reading is possible. 
[0044] According to invention concerning this claim 9, the use demand of contents is 
first accepted according to a demand process. The identification information about the 
physical element of the contents use equipment concerned and the identification 
information about a user are transmitted to the contents management equipment which 
manages contents, then, from the consent information transmitted by contents 
management equipment corresponding to the use demand of said contents Decode 
based on the identification information about the physical element of the contents use 
equipment concerned, and it asks for use authorization conditions and the decode key of 
contents. Then, protection reinforcement is made high, as said decode key for which it 
asked is used and contents are decoded, when said use authorization conditions 
searched for are judged and a permission is granted. 

[0045] Moreover, invention concerning claim 10 is set to the contents use equipment 
with which a user uses contents. It corresponds to the use demand of said contents. 
From the consent information on contents A means to decode based on the identification 
information about the physical element of the contents use equipment concerned, and to 
ask for use authorization conditions and the decode key of contents (58-1, 60-1, 62-1 of 
drawing 1 ), When said use authorization conditions searched for are judged and a 
permission is granted, it is characterized by having the means (51 of drawing 1 ) which 
uses said decode key for which it asked, and decodes contents. 

[0046] When according to invention concerning this claim 10 it decodes based on the 
identification information about the physical element of the contents use equipment 
concerned, and use authorization conditions and the decode key of contents are asked, 
and said use authorization conditions searched for are judged after that and a 
permission is first granted from the consent information on contents corresponding to 
the use demand of contents, protection reinforcement is made high, as said decode key 
for which it asked is used and contents are decoded. 

[0047] Moreover, the invention concerning claim 11 is a computer-readable record medium which stored a program performed by the computer of the contents use equipment with which a user uses contents. It is a computer-readable record medium which recorded a program for performing a process (S600 and S601 of drawing 12, S700 and S701 of drawing 13) which, in response to a use demand for said contents, decodes the consent information on the contents based on the identification information about the physical elements of the contents use equipment concerned and obtains the use authorization conditions and the decode key of the contents, and a process (S704 of drawing 13) which, when said obtained use authorization conditions are judged and permission is granted, uses said obtained decode key to decode the contents.

[0048] According to the invention concerning this claim 11, in response to a use demand for said contents, the consent information on the contents is first decoded based on the identification information about the physical elements of the contents use equipment concerned, and the use authorization conditions and the decode key of the contents are obtained. Said obtained use authorization conditions are then judged, and when permission is granted, the contents are decoded using said obtained decode key, so that the strength of protection is increased.
[0049] 

[Embodiment of the Invention] Preferred embodiments of the contents use control system, the contents use equipment, and the computer-readable record medium which recorded a program which makes a computer perform the usage concerned, according to this invention, are explained below with reference to the accompanying drawings.

[0050] Drawing 1 is a drawing showing the configuration of the contents use control system which is one embodiment of this invention. The contents use control system 10 shown in drawing 1 is a system which controls use when a user 2 uses the contents of a work which the copyright person 1 created. In drawing 1, this contents use control system 10 broadly comprises the copyright person system 20, the contents server 30, a license server 40, and the user system 50.

[0051] The copyright person system 20 has the secrecy contents registration section 21, which enciphers the created contents and performs processing (S10) which registers these enciphered secrecy contents into the contents server 30; the right transfer section 22 of an access control, which performs processing (S12) which transfers the right of access control to the license server 40 by sending out to it the contents decode key required for decoding the enciphered contents (secrecy contents); and the ACL setting section 23, which performs processing (S14) which sets use authorization conditions (ACL) in the license server 40. It thereby manages the use control of the contents of a work.

[0052] The contents server 30 registers the secrecy contents sent from the copyright person system 20 and, when there is a secrecy contents distribution request from the user system 50 (S16), sends these registered and saved secrecy contents out to the user system 50 while they remain enciphered (S17).

[0053] A license server 40 has license authorization / generation section 41 and the LDAP system 42. When there is a use demand for contents from the user system 50 (S18), license authorization / generation section 41 searches the LDAP system 42 for the physical element ID certificate added to this use demand and for the decode key corresponding to it, decodes the physical element ID, searches for the contents decode key corresponding to the contents for which the use demand was made, and transmits the license in which this searched contents decode key is enciphered with the physical element ID (S21).

[0054] This license takes the form of physical environmental specification element conditions combined in a structure using AND and OR that corresponds to the structure of the physical elements. Moreover, in this embodiment, not only the physical environmental specification element conditions used conventionally but also accounting conditions based on a user's use situation are enciphered together as ACL. Encryption and decryption of this license are described later. In addition, when the physical element ID certificate is not added to a use demand (S18), or when it does not exist in the LDAP system 42, physical element criteria specification (S19) is sent to the user system 50, and the user system 50 returns the physical element ID certificate group which it generated (S20).

[0055] On the other hand, when the contents decode key has been sent from the copyright person system 20 by the right transfer of an access control (S12), this contents decode key is made to correspond to the secrecy contents and is registered in the database of the key 44 in the LDAP system 42, which is described later. Moreover, when an ACL setup has been sent from the copyright person system 20 (S14), this ACL is made to correspond to the secrecy contents and is stored in the access control list (ACL) in the LDAP system 42.

[0056] The user system 50 has secrecy contents demand / acquisition section 51, which makes the distribution request (S16) for secrecy contents and acquires the distributed secrecy contents; license demand / acquisition section 52, which processes the demand for a license (S18), i.e., a use demand, and the acquisition of the license (S21); and the specific use environment (SUE) 53 of the user system. The specific use environment 53 means a specific contents use environment, and refers to the combined information on CPU, peripheral devices, removable storage, an IC card, the contents use situation, and the like.

[0057] The specific use environment 53 has the use environmental specification physical elements (PCSUE) 54-1 - 54-N, such as CPU; the contents storage devices 55-1 - 55-M, which store contents; and the playback devices 56-1 - 56-L, such as a player and a viewer. Each PCSUE 54-1 - 54-N, each contents storage device 55-1 - 55-M, and each playback device 56-1 - 56-L has a physical element ID 57-1 - 57-N, 59-1 - 59-M, and 61-1 - 61-L, and also has an encryption / decryption / evaluation section 58-1 - 58-N, 60-1 - 60-M, and 62-1 - 62-L.

[0058] Encryption / decryption / evaluation sections 58-1 - 58-N, 60-1 - 60-M, and 62-1 - 62-L encipher with the physical element ID of their own physical element when enciphering and outputting, decrypt with the physical element ID of their own physical element when decrypting, and further perform processing which evaluates the decode result. That is, processing involving each physical element ID is carried out inside each physical element, so that information does not leak even on the interfaces between physical elements.

[0059] The operation of the copyright person system 20, the contents server 30, the license server 40, and the user system mentioned above is explained next, mainly with reference to flow charts. First, with reference to the flow chart of drawing 2, the internal-processing procedure of the copyright person system 20 is explained.

[0060] In drawing 2, the copyright person system 20 first judges whether an actuation event has occurred (step S100). When no actuation event has occurred (step S100, no), this processing is repeated until an actuation event occurs. When an actuation event has occurred (step S100, yes), it judges whether the contents of actuation of the event are secrecy contents registration, ACL registration, or the right transfer of an access control (step S101).

[0061] When the contents of actuation are secrecy contents registration (step S101, secrecy contents registration), the secrecy contents registration section 21 enciphers contents (step S110), specifies the desired contents server 30 from a contents server list (step S111), and performs a secrecy contents registration demand to this specified contents server 30 (step S112). Then, the response from the contents server 30 is obtained and it judges whether the response is O.K. or an error (step S113).

[0062] When the response from the contents server 30 is O.K., processing proceeds as it is; when it is an error, error processing is performed (step S114). It then judges whether a next contents server is specified (step S115). When a next contents server is specified (step S115, yes), it shifts to step S112 and repeats the processing mentioned above; when no next contents server is specified (step S115, no), it shifts to step S100 and repeats the processing mentioned above.

[0063] When the contents of actuation are ACL setup (step S101, ACL setup), the ACL setting section 23 judges whether the specified contents decode key is registered (step S120). When the contents decode key is not registered (step S120, no), error processing is performed (step S124), and it shifts to step S100 and repeats the processing mentioned above. On the other hand, when the contents decode key is registered (step S120, yes), an ACL setting demand is transmitted to the license server 40 (step S122), an ACL registration result is received from the license server 40 (step S123), and after that it shifts to step S100 and repeats the processing mentioned above.

[0064] Moreover, when the contents of actuation are the right transfers of an access 
control (step S101, right transfer of an access control), the enciphered contents decode 
key is transmitted to a license server 40 (step S130), the registration result of an 
encryption contents decode key is received (step S131), it shifts to step S100 and the 
processing mentioned above is repeated. 

[0065] The ACL set up by the ACL setting section 23 is explained here. Drawing 3 is a drawing showing an example of access conditions; there are two kinds of access condition, accounting conditions and physical environmental specification element (PCSUE) conditions. As shown in drawing 3, among the accounting conditions, which are one of the features of this invention, there is first maxCount (maximum number of operations), and the use situation of the contents corresponding to it is count (number of operations performed). Access is controlled, i.e., limited and licensed, by placing the limit of the maximum number of operations on the variable value of the number of operations performed.

[0066] The use situation of the contents corresponding to the next accounting condition value, maxLength (read out length between couplings), is totalLen (length already read + requested read-out length), and access is controlled by the maximum read-out length of the contents. The use situation of the contents corresponding to the next accounting condition value, maxTimeLen (the maximum time for which the contents can be performed), is totalTime (length of time already performed), and access is controlled by the maximum time for which the contents can be performed. The use situation of the contents corresponding to the next accounting condition value, maxDebt (amount of money which can be lent (accounting conditions)), is debt (balance); a negative value of the balance serves as the debt limit, and access is controlled by accounting conditions.

[0067] Moreover, as physical environmental specification element conditions, there is first the body of a computer; the class of the physical element ID corresponding to it is PSN, the serial number of a processor. Here, a class is an object class on a database. The class of the physical element ID corresponding to the next element, the peripheral device, is DSN, which shows the kind and serial number of a device. The class of the physical element ID corresponding to the next element, media, is MSN, which shows the kind and serial number of media. The physical element ID corresponding to the next element, the IC card, is certificates, which shows the certificate which an IC card issues.

[0068] The next element, body parts, is fingerprint and retina (iris) information; the class of the physical element ID corresponding to it is bodyParts, the authentication information on a body part. The class of the physical element ID corresponding to the next element, the permitted time zone, is timePeriod, which is a local clock and global GPS time of day. The next element, the network domain, shows the area on a network; the class of the physical element ID corresponding to it is MACAddress, which shows a MAC address. The next element, the geographical location, shows the country of use and the like; the class of the physical element ID corresponding to it is location, which shows the location which GPS or PHS detects. The class of the physical element ID corresponding to the next element, a person's memory, is user-ID WithPwd, which shows a user ID and a password. The class of the physical element ID corresponding to the last element, the group, is group, which shows a set of physical element IDs.

[0069] Such access conditions are set up as a set with a logical combination of AND and OR, i.e., as ACL. Although an access condition may be an accounting condition or a physical environmental specification element condition as mentioned above, these can be combined arbitrarily. For example, the following can be set up as one ACL:

udac#acl read:(group=sysrap OR group=soft4soft) AND (45661244<MSN<45661412) OR count<1; modify:user=yuji OR user=hata OR IC#card=1afd234fe4def458c3bac78497bbda6f; print:group=sysrap;

[0070] According to this ACL, "read" shows perusal conditions: the conditions for perusal are that the group is "sysrap" or "soft4soft" and the media serial number MSN exceeds 45661244 and is less than 45661412, or that the operated count is less than one, i.e., the contents have not been used even once. Furthermore, "modify" shows updating conditions: the conditions for updating contents are that the user name is "yuji" or "hata", or that the number of "IC#card" is "1afd234fe4def458c3bac78497bbda6f".

[0071] Moreover, "print" shows printout conditions: printing of contents is restricted to the group "sysrap". The copyright person 1 can set such ACL arbitrarily from the copyright person system 20. Operability of this ACL setup improves by using a GUI. In addition, the type of ACL may be set up with an actuation name. For example, access condition (1) may be made selectable under actuation name 1, and access condition (2) under actuation name 2. Thereby, operability improves further.
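The ACL of [0069] and its reading in [0070], as an added example that is not code from the patent: a small parser and evaluator for the per-operation AND/OR conditions. The clause syntax follows the ACL text as reconstructed here (without the "udac#acl" prefix); the function names, the AND-before-OR precedence and the fail-closed handling of missing attributes are assumptions of this example.

```python
import re

# Clause text reconstructed from [0069]; treated here as an assumption.
ACL_TEXT = ("read:(group=sysrap OR group=soft4soft) AND 45661244<MSN<45661412 OR count<1;"
            " modify:user=yuji OR user=hata OR IC#card=1afd234fe4def458c3bac78497bbda6f;"
            " print:group=sysrap;")

def tokenize(expr):
    """Split an expression into '(', ')', 'AND', 'OR' and condition atoms."""
    return re.findall(r"\(|\)|[^\s()]+", expr)

def parse_expr(tokens):
    """Recursive descent parser; AND binds tighter than OR (assumed precedence)."""
    pos = 0

    def factor():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of ACL expression")
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            node = disjunction()
            if pos >= len(tokens) or tokens[pos] != ")":
                raise ValueError("unbalanced parenthesis in ACL")
            pos += 1
            return node
        if tok in (")", "AND", "OR"):
            raise ValueError(f"unexpected token {tok!r}")
        return ("ATOM", tok)

    def conjunction():
        nonlocal pos
        node = factor()
        while pos < len(tokens) and tokens[pos] == "AND":
            pos += 1
            node = ("AND", node, factor())
        return node

    def disjunction():
        nonlocal pos
        node = conjunction()
        while pos < len(tokens) and tokens[pos] == "OR":
            pos += 1
            node = ("OR", node, conjunction())
        return node

    tree = disjunction()
    if pos != len(tokens):
        raise ValueError(f"trailing token {tokens[pos]!r}")
    return tree

def parse_acl(text):
    """Map each operation name (read, modify, print) to its condition tree."""
    acl = {}
    for clause in filter(None, (c.strip() for c in text.split(";"))):
        operation, _, expr = clause.partition(":")
        acl[operation.strip()] = parse_expr(tokenize(expr))
    return acl

def render(node):
    """Fully parenthesised form, which makes the evaluation order explicit."""
    if node[0] == "ATOM":
        return node[1]
    return f"({render(node[1])} {node[0]} {render(node[2])})"

def eval_atom(atom, env):
    """Evaluate one condition; a missing or non-numeric attribute never matches."""
    m = re.fullmatch(r"(\d+)<(\w+)<(\d+)", atom)        # range, e.g. 1<MSN<9
    if m:
        v = env.get(m.group(2))
        return isinstance(v, int) and int(m.group(1)) < v < int(m.group(3))
    m = re.fullmatch(r"(\w+)<(\d+)", atom)              # accounting limit, e.g. count<1
    if m:
        v = env.get(m.group(1))
        return isinstance(v, int) and v < int(m.group(2))
    m = re.fullmatch(r"([\w#]+)=(\S+)", atom)           # equality, e.g. group=sysrap
    if m:
        v = env.get(m.group(1))
        return v is not None and str(v) == m.group(2)
    raise ValueError(f"unrecognised condition {atom!r}")

def evaluate(node, env):
    if node[0] == "ATOM":
        return eval_atom(node[1], env)
    left, right = evaluate(node[1], env), evaluate(node[2], env)
    return (left and right) if node[0] == "AND" else (left or right)

def authorize(acl, operation, env):
    """Deny any operation that has no clause in the ACL."""
    tree = acl.get(operation)
    return tree is not None and evaluate(tree, env)
```
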
[0072] Below, with reference to the flow chart shown in drawing 4, the internal-processing procedure of the contents server 30 is explained. In drawing 4, the contents server 30 first judges whether a network event has been inputted and, when one has been inputted, whether it is a secrecy contents registration demand or a secrecy contents distribution request (step S200). When a network event is not inputted (step S200, no), the decision processing in step S200 is repeated.

[0073] When a network event is a secrecy contents registration demand (step S200, secrecy contents registration demand), the secrecy contents for which the registration demand was made are registered internally (step S210), and default ACL is set up (step S211). Then the response to this secrecy contents registration demand is sent to the copyright person system 20 (step S212), and it shifts to step S200 and repeats the processing mentioned above.

[0074] On the other hand, when a network event is a secrecy contents distribution request (step S200, secrecy contents distribution request), the secrecy contents for which the distribution request was made are distributed to the user system 50 (step S220), the response to this secrecy contents distribution request is then sent to the user system 50 (step S221), and it shifts to step S200 and repeats the processing mentioned above. Thereby, secrecy contents can be distributed from the copyright person system 20 to the user system 50 through the contents server 30 while remaining in the secret condition. In this case, traffic is distributed and fast transfer is possible, and since secrecy contents can be held beforehand on a contents server near the user system 50, distribution can be processed at high speed.

[0075] Below, with reference to the flow chart shown in drawing 5, the internal-processing procedure of a license server 40 is explained. In drawing 5, a license server 40 first judges whether the network event of a contents use demand was inputted (step S300). When a network event is not inputted (step S300, no), the decision processing of this step S300 is repeated.

[0076] When a network event is a contents use demand (step S300, contents use demand), the ACL of the specified contents is searched from the LDAP system 42 (step S301), the related access conditions are extracted from this searched ACL, and a new ACL is generated (step S302). It then judges whether there is a physical element ID certificate corresponding to the extracted physical environmental specification conditions (step S303). When there is a corresponding physical element ID certificate (step S303, corresponding physical element ID certificate present), processing proceeds as it is; when there is none (step S303, no corresponding physical element ID certificate), a certificate is required from the user system 50, the use claimant of the contents (step S304). It then judges whether there are any further physical environmental specification conditions (step S305).

[0077] When there are further physical environmental specification conditions (step S305, yes), it shifts to step S303 so that the corresponding physical element ID certificates are surely all prepared; when there are no further physical environmental specification conditions (step S305, no), a physical element ID certificate group is received from the use claimant of the contents, i.e., the user system 50 (step S306).

[0078] Then, license authorization / generation section 41 searches for the specified contents decode key (step S307), and rearranges the access conditions in the ACL by the certificates of the physical elements which can enforce them (step S308). Furthermore, processing which encloses all the AND/OR expressions in the ACL in parentheses according to authentication priority is performed (step S309). License authorization / generation section 41 then performs license generation processing, which generates a license based on the parenthesized AND/OR expressions (step S310). The generated license is transmitted to the user system 50 (step S311), and it shifts to step S300 and repeats the processing mentioned above.

[0079] Here, the relation between the generated license and the secrecy contents is explained with reference to drawing 6. Drawing 6 shows the relation between the license transmitted to the user system 50 from a license server 40 and the secrecy contents transmitted to the user system 50 from the copyright person system 20 through the contents server 30.

[0080] In drawing 6, the system ACL 43-1 to 43-5, matched with the secrecy contents 71-75, respectively, are stored in ACL 43 of a license server 40. After that, for example, the licenses 84-86 for the secrecy contents 71-73 are generated based on the system ACL corresponding to the secrecy contents 71-73, and are transmitted to a user system. These licenses 84-86 are enciphered with the corresponding physical element ID, and information does not leak outside. The user system 50 can decode the client ACL 81-83 from the licenses 84-86, can decode the secrecy contents 71'-73' corresponding to these, and can obtain the respective contents.

[0081] In this case, since the secrecy contents are also enciphered, security is sufficient. Thus, although their transfer routes differ, ACL and secrecy contents are matched with each other while each maintains the secrecy condition. In addition, the condition of the secrecy contents sent through the transfer path containing the contents server 30 is expressed as a virtual storing field 70.

[0082] Here, the LDAP system 42 in a license server 40 is further explained with reference to drawing 7. In drawing 7, the LDAP system 42 has two or more LDAP servers; a license server 40 is positioned as the client server, and each LDAP server functions under the management of a license server 40. An LDAP server is a directory server using the protocol of the lightweight version of DAP contained in X.500, which is the standard for directory services. The LDAP server is divided into two or more classes and has, for example, the classes of the individual humanity news 91, the system class 92, the media class 93, and the XML information described in XML.

[0083] For example, if "own system" is searched in the class of the individual humanity news 91, this system is searched by "system name" from the system class 92; the media class 93 can be searched from the media classes by the "current media" in the system class 92; and the XML information 94 corresponding to the contents can further be retrieved from the contents in this media class 93. The information about contents is stored in this XML information 94.

[0084] By the way, the specific use environment of the user system 50 has the layered logical structure shown in drawing 8. In drawing 8, the specific use environment 100 consists of three layers, the application layer 110, OS kernel layer 111, and the device layer 112, and the layers are connected by the service interfaces shown by the dotted lines. The application layer 110 has contents playback / activation application 101, which has the secret contents decode protection library 102 inside as a program module.

[0085] The secret contents decode protection library 102 operates the storage driver 103, a file system 105, two or more use environmental specification physical element drivers 106-108, and a playback device driver. The storage driver 103 drives a contents storage device, the use environmental specification physical element drivers 106-108 drive the use environmental specification physical elements 109-111, respectively, and the playback device driver 112 drives the playback device 113. In addition, one physical unit may bear two roles, that of the contents storage device 104 and that of the use environmental specification element 109, as in MO equipment, for example.

[0086] Drawing 9 shows the correspondence relation between OS kernel layer 111 and the device layer 112 for the use environmental specification physical elements (PCSUE). As shown in drawing 9, PCSUEs may have an inclusion relation. Of course, the same applies to other devices in the device layer 112. For example, PCSUE 133 and 134 are positioned below PCSUE 131, and PCSUE 135 and 136 are positioned below PCSUE 134. PCSUEs which have such an inclusion relation can exchange information such as physical element IDs with each other.

[0087] For example, the PCSUE of media regenerative apparatus, such as DVD equipment, includes the PCSUE of media, such as DVD, and the two exchange contents data and media ID information. The information interchange between PCSUE 134 and PCSUE 135 is an example. Only the top PCSUE exchanges data with a PCSUE driver; the relation between the PCSUE driver 120 and PCSUE 131 is an example. Therefore, even within the same device layer, elements may have an inclusion relation and a hierarchical relation.

[0088] As mentioned above, a license is the consent information for a specific environment: the access information, which consists of the ACL and the content decode key Kc and includes only the information specific to the client environment which required the license, i.e., the environment of a user system, is enciphered with a physical element ID (PCSUE-ID).

[0089] Here, an example of the multiplexed license is as follows. Namely, [Equation 1]

Here, K1 - K5 are PCSUE-ID, respectively. In this license, the access information is combined by AND conditions using K1 - K5. It is good to encipher in multiplex using each PCSUE-ID in descending order of the security strength of the physical elements. Decryption is carried out in the reverse order, sequentially from the outermost PCSUE-ID.

[0090] Moreover, when the security strength of the physical elements is almost the same, decoding may be performed with a key which is the result of the EXCLUSIVE OR operation of the PCSUE-IDs. For example, it is good to make it like [Equation 2]

Multiplexing the encryption in this way brings about a risk-diversification effect: the danger of theft of the contents decode key Kc through a successful attack on some products, i.e., some physical elements, is distributed.

[0091] Moreover, when combining two or more PCSUE-ID by the OR operator, as in [Equation 3]

the license may be the value obtained by generating the sublicenses enciphered with each PCSUE-ID, for example {<access information>}K1, and simply combining all the sublicenses by the OR operation. In this case, the multiplexing of encryption mentioned above may also be applied to each sublicense, and the license may be generated as a nested combination of AND, XOR, and OR operations. The risk-diversification effect is obtained by this.

[0092] Below, the generation procedure of such a license is explained with reference to the flow chart shown in drawing 10. The flow chart shown in this drawing 10 is the subroutine of the license generation procedure shown in step S310 of drawing 5. In drawing 5, one word is first read from the ACL mentioned above (step S400). After that, it judges whether the read word is "(" (step S410).

[0093] When the read word is "(" (step S410, "("), the current read position in the ACL is memorized as the starting point of the ACL within the parenthesis (step S411). Then, variable NB is set to "0" (step S412), and one more word is read from the ACL (step S413). It then judges whether the read word is "(" (step S414); when it is "(", "1" is added to variable NB (step S415), and it shifts to step S413 and reads the next word again.

[0094] On the other hand, when the read word is not "(" (step S414, other), it further judges whether this read word is ")" (step S416). When this read word is not ")", i.e., it is something else, it shifts to step S413 and reads one more word from the ACL. On the other hand, when this read word is ")", it judges whether NB is "0" (step S417). When NB is not "0" (step S417, NO), "1" is subtracted from the value of NB, and it shifts to step S413 and reads one more word from the ACL.

[0095] When NB is "0" (step S417, YES), the position just before the current position in the ACL is memorized as the end point of the ACL within the parenthesis (step S419). Then, license generation processing for the ACL within this parenthesis is performed (step S420), processing which adds the return value of that recursive call to access condition AC is performed (step S421), and it shifts to step S400. The ACL within a parenthesis is generated by this.

[0096] On the other hand, when the read word is not "(" (step S410, other), it further judges whether this read word is a physical element condition or an accounting condition (step S410). When it is a physical condition or an accounting condition, this condition is set as access condition AC (step S431), the secret key of the physical element which can enforce this condition is set as Kp (step S432), and it shifts to step S400 and reads one more word from the ACL.

[0097] When the read word is not a physical condition or an accounting condition (step S410, other), it further judges whether this read word is "OR" (step S430). When the read word is "OR", license generation processing of the ACL following this read word is performed (step S441). Then, it judges whether AC is contained in the generated license (step S442). When AC is contained (step S442, YES), the license is set to "{hash [ AC, ]} Kp and return value" using the return value of the license generation processing by step S441 (step S443), and this generated license is returned (step S454). On the other hand, when AC is not contained in the license (step S442, NO), the license is set to "{hash [ Kc, AC, ]} Kp and return value" using the return value of the license generation processing by step S441 (step S445), and this generated license is returned (step S454).

[0098] On the other hand, when the read word is not "OR" (step S430, other), it further judges whether this read word is "AND" (step S440). When the read word is "AND", license generation processing of the ACL following this read word is performed (step S452), and the license "{hash [ a return value, AC, ]} Kp", which uses the return value of this license generation processing, is returned (step S454).

[0099] Furthermore, when this read word is not "AND" (step S440, other), the license "{hash [ Kc, AC, ]} Kp" is returned (step S454). Thereby, a license is generated from ACL.

[0100] Below, with reference to the flow chart shown in drawing 11, the internal-processing procedure of the user system 50 is explained. In drawing 11, the user system 50 first judges whether there is a use demand for contents (step S500). When there is no use demand for contents (step S500, no), this decision processing is repeated; when there is a use demand for contents (step S500, yes), the use demand of contents is transmitted (step S501). It then judges whether there is a demand for the certificate of a physical element from a license server 40 (step S502); when there is no demand for the certificate of a physical element (step S502, no), it shifts to step S508.

[0101] on the other hand, when there is a demand of the certificate of a physical element 
(step S502 it is), it judges whether it read (step S503), and the physical element ID 
certificate was read and went wrong (step S504). When read out goes wrong (steps S504 
and YES), an error notification is transmitted to a license server (step S505), and it 
shifts to step S500. when it judges whether there is any following physical element on 
the other hand when read out does not go wrong (steps S504 and NO) (step S506) and 
there is the following physical element (step S506 - it is), it shifts to step S503 and the 
processing which read the following physical element ID certificate and was mentioned 
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above is repeated. 

[0102] On the other hand, when there is no following physical element (step S506,
NO), a physical element ID certificate is transmitted to the license server 40 (step
S507), and it further judges whether the received contents are an error or a license
(step S508). When the received contents are an error (step S508, error), it shifts to
step S500 and the processing mentioned above is repeated, and when the received
contents are a license (step S508, license), the license is delivered to the physical
element (PCSUE) 1 (step S509), it shifts to step S500, and the processing mentioned
above is repeated. Thereby, the user system 50 can acquire a license from the license
server 40.

[0103] Here, PCSUE 1 denotes the first of the (N-1) PCSUEs; in general they are
denoted PCSUEi, where i is an integer from 1 to (N-1). Then, the internal-processing
procedure when a license is passed to each PCSUEi is explained with reference to the
flow chart of drawing 12.

[0104] In drawing 12, PCSUEi first decodes the received license by Kpi (step S600).
Then, this decoded access condition ACi is evaluated (step S601), and it judges whether
the evaluation result of the access condition ACi is good or improper (step S602).
When the evaluation result of the access condition ACi is improper (step S602, failure),
error processing is performed (step S604) and this processing is ended. On the other
hand, when the evaluation result of the access condition ACi is good (step S602, good),
this decoded license is transmitted to PCSUE(i+1), decode is continued, and the
internal processing of this PCSUEi is ended.

[0105] Next, PCSUE(i+1) is equivalent to PCSUE(N), and here, for example, the
physical element of a playback device performs internal processing. This
internal-processing procedure is explained with reference to the flow chart shown in
drawing 13. In drawing 13, the received license is first decoded by Kpn (step S700).
Then, this decoded access condition AC(N) is evaluated (step S701), and it judges
whether this evaluation result is good or improper (step S702). When the evaluation
result is improper (step S702, failure), error processing will be performed (step S703),
this processing will be ended, and secrecy contents can be decoded as a result.

[0106] On the other hand, when the evaluation result of access condition AC(N) is good
(step S702, good), the playback device decodes the secrecy contents with this decoded
Kc (step S704), reproduces the decoded contents (step S705), and this processing is
ended.

[0107] Here, decode processing of a concrete license is explained with reference to
drawing 14. In drawing 14, the license generated by the license server 40 is one in
which the access control list ACL and the contents decode key are enciphered using the
key Kp, which is the physical element ID of the playback device 144, and the result is
further enciphered using as a key the value of the exclusive OR of DSN 141, which is
the device serial number of the storage device, and MSN 143, which is the media serial
number of the media 142.

[0108] First, the storage device 140 reads the MSN, which cannot be written, from the
media 142, calculates the exclusive OR of this value and the DSN of the storage device
140 itself, and decodes the license with the result of this operation, whereupon the
license becomes {ACL, Kc} Kp. This partly decoded license is sent to the playback
device 144, and the playback device 144 decodes the license using the key Kp, which is
the physical element ID that the playback device 144 itself has, and acquires the access
condition list ACL and the contents decode key Kc. When the access condition that the
ACL shows is satisfied, the contents can be decoded with the contents decode key Kc,
and the decoded contents are reproduced by the playback device 144.
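
The layered license of drawing 14 and the per-element decode chain of drawings 12 and 13, as an added Python example that is not part of the patent. The SHA-256 keystream with an HMAC tag is a toy stand-in for whatever cipher an implementation uses, and the function names, the `max_plays` access condition and the serial numbers are assumptions constructed for illustration.

```python
import hashlib, hmac, json, os

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy keystream (SHA-256 in counter mode); stand-in for a real cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, ac: dict, payload: bytes) -> bytes:
    """Build one layer {AC, payload}K as nonce || tag || ciphertext."""
    plain = json.dumps({"ac": ac, "payload": payload.hex()}).encode()
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plain, _stream(key, nonce, len(plain))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key: bytes, blob: bytes):
    """Decode one layer with this element's key; a wrong key fails the tag."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("layer does not decode with this physical element's key")
    plain = bytes(c ^ s for c, s in zip(ct, _stream(key, nonce, len(ct))))
    layer = json.loads(plain)
    return layer["ac"], bytes.fromhex(layer["payload"])

def xor_key(dsn: int, msn: int) -> bytes:
    """Storage-layer key: exclusive OR of device and media serial numbers."""
    return (dsn ^ msn).to_bytes(8, "big")

def generate_license(layers, kc: bytes) -> bytes:
    """Server side: wrap Kc innermost-first. layers = [(key, AC)], outermost first."""
    payload = kc
    for key, ac in reversed(layers):
        payload = seal(key, ac, payload)
    return payload

def evaluate(ac: dict, usage: dict) -> bool:
    # Assumed access condition: a play-count limit; an empty AC always passes.
    return usage.get("plays", 0) < ac.get("max_plays", float("inf"))

def decode_chain(license_blob: bytes, element_keys, usage: dict) -> bytes:
    """User side: each element strips its own layer, checks ACi, passes it on."""
    payload = license_blob
    for key in element_keys:
        ac, payload = unseal(key, payload)
        if not evaluate(ac, usage):
            raise PermissionError("access condition not satisfied")
    return payload  # Kc, released only after every layer decoded and passed

# Constructed sample values (not from the patent).
DSN, MSN, KP = 0x1122334455667788, 0x0A0B0C0D0E0F1011, b"playback-device-144-id"
KC = bytes(range(16))
LICENSE = generate_license([(xor_key(DSN, MSN), {}), (KP, {"max_plays": 3})], KC)
```

Moving the license to other media changes the MSN, so the outer layer no longer decodes and the playback device never receives {ACL, Kc} Kp.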

[0109] The contents decode processing by the license demand and license acquisition
mentioned above is explained further with reference to the data flow shown in drawing
15. In drawing 15, in the decode protected area in the user system 50, in order to use
contents, the license demand processing 152 first attaches a physical element ID
certificate and sends out a license demand to the license server 40. At this time, the
physical element ID certificate is acquired from the use environmental specification
physical element 150 by the use environmental specification physical element
certificate acquisition processing 153, and is passed to the license demand processing
152.

[0110] On the other hand, when a license is transmitted from the license server 40, the
license acquisition processing 156 acquires this license. The access-permission
processing 155 acquires the license from the license acquisition processing 156,
acquires a physical element ID through the use environmental specification physical
element certificate acquisition processing 153, and further acquires a use situation
from accounting 157, and the use environmental specification physical element ID
authentication processing 154 takes out a decode key using these.

[0111] And the contents decode processing 159 decodes the secrecy contents 158 using
the contents decode key, and outputs the plaintext contents. In addition, accounting 157
is notified to the use situation monitor physical element 151, and the current use
situation is automatically decremented according to use by the use
environment-monitoring physical element 151.

[0112] By the way, drawing 16 is a drawing showing the effect on the protection
reinforcement at the time of mounting each processing procedure in each entity of
the specific use environment shown in drawing 8. From this result, it is understood
that it is desirable to mount generation of a use environmental specification physical
element possession certificate in a device layer, and to mount accounting information
protection in the device layer by the IC card. Thus, since protection reinforcement
also changes with the layer in which each processing procedure is mounted, each
processing function shown in drawing 15 needs to be mounted with layer arrangement
also taken into consideration.

[0113] In addition, although the gestalt of operation mentioned above was explained as
a configuration based on the so-called contents cache possible mold model, it is clear
that it is applicable not only to this but also to a configuration based on a contents
coincidence distribution mold model. In this case, the contents server 30 should just
be dealt with as a configuration arranged inside the license server 40.

[0114] Furthermore, although the gestalt of operation mentioned above presupposes
that a key is used for encryption and decryption, either a private key cryptosystem or
a public key cryptosystem may be used in this case, and a suitable method should just
be applied according to the system to which it is adapted.

[0115] Moreover, the physical element shown in the gestalt of operation mentioned
above includes not only equipment fixed to the user system 50 but also the media used
when this user system 50 is used, i.e., portable record media such as CD-ROM, DVD,
MO, an IC card, and a floppy disk. In a user system in which this portable type of
record medium is used, in addition to the physical elements fixed to this user system,
the portable record medium used will also be contained in the physical elements, and
use control of contents will be made. In addition, it goes without saying that media
fixed to the user system 50, for example, a fixed hard disk drive unit, a fixed ROM,
etc., are contained in the physical element mentioned above.

[0116]

[Effect of the Invention] As explained above, according to the invention concerning
claim 1, a setting means sets up, as use authorization conditions expressed in
structured form, a combination by OR and AND of two or more partial use authorization
conditions for said contents, based on the identification information about the
physical elements of the user means, including the media used within said user means
concerned, and the identification information about said user. Since said use control
means controls use of said contents by said user means based on the use authorization
conditions set up by said setting means, the effect is achieved that flexible contents
use control based on these use authorization conditions can be performed.

[0117] Moreover, according to the invention concerning claim 2, since the partial use
authorization conditions set up by the setting means include the accounting
conditions, which are conditions over the category which changes according to said
user means and said user's use situation, the effect is achieved that contents use
control to a user can be performed more finely and flexibly.

[0118] Moreover, according to the invention concerning claim 3, a generation means
receives the contents use demand from said user means and generates consent
information in which said use authorization conditions and the decode key of said
contents are enciphered by the identification information about two or more physical
elements of the user means, including the media used within said user means
concerned. Said user means decodes said consent information, sent in response to said
contents use demand, based on the identification information of the physical elements
of the user means concerned. Since the decode key of said contents is used to decode
said enciphered contents when said use authorization conditions are satisfied, the
effect is achieved that contents use control with high protection reinforcement can be
performed.

[0119] Moreover, according to the invention concerning claim 4, when the partial use
authorization conditions within a use authorization condition are joined by AND,
encryption by the identification information of the physical elements corresponding to
the partial use authorization conditions concerned is performed in multiplexed form,
so the effect is achieved that the danger of theft of the contents decode key through a
successful attack on some physical elements can be distributed.

[0120] Moreover, according to the invention concerning claim 5, even physical
elements in an inclusion relation are dealt with as one physical element, so the
injustice of this one physical element is not allowed either, and the effect is achieved
that the danger of theft of a contents decode key can be distributed.

[0121] Moreover, according to the invention concerning claim 6, since it has the
contents server which holds the contents enciphered with said information offer
authority person means, receives the contents distribution request from said user
means, and sends said enciphered contents to the user means concerned on an open
network, the open network is fully utilized, congestion of the traffic in the system
concerned is prevented, and the effect is achieved that contents can be gained quickly.

[0122] Moreover, according to the invention concerning claim 7, a setting means sets
up beforehand, by storing in the condition storing means within said use control
means, use authorization conditions expressed in structured form as a combination by
OR and AND of two or more partial use authorization conditions for said contents,
based on the identification information about the physical elements of the user means,
including the media used within the user means concerned, and the identification
information about said user, while a maintenance means holds the decode key of said
contents. An extract means receives the use demand for the contents from said user
means, extracts the use authorization conditions corresponding to the user means
concerned and the decode key of said contents, generates the consent information in
which said use authorization conditions and the decode key of said contents are
enciphered based on the identification information of the physical element sent from
said user means, and sends it out to the user means concerned. Since the user means
decodes said consent information, sent in response to said contents use demand, based
on the identification information of the physical element of the user means concerned,
and uses the decode key of said contents to decode said enciphered contents when said
use authorization conditions are satisfied, the effect is achieved that the encryption
and the decryption accompanying flexible contents use control can be concretely
realized.

[0123] Moreover, according to the invention concerning claims 8 and 9, a demand means
accepts the use demand for contents and transmits the identification information about
the physical element of the contents use equipment concerned and the identification
information about a user to the contents management equipment which manages
contents. Then, the consent information transmitted by the contents management
equipment in response to the use demand for said contents is decoded based on the
identification information about the physical element of the contents use equipment
concerned, and the use authorization conditions and the decode key of the contents are
obtained. Since said obtained decode key is used to decode the contents when said
obtained use authorization conditions are judged and permission is granted, the effect
is achieved that contents use control with high protection reinforcement can be
performed.

[0124] Moreover, according to the invention concerning claims 10 and 11, first, in
response to the use demand for contents, the consent information on the contents is
decoded based on the identification information about the physical element of the
contents use equipment concerned to obtain the use authorization conditions and the
decode key of the contents; after that, said obtained use authorization conditions are
judged, and when permission is granted, said obtained decode key is used to decode the
contents, so the effect is achieved that contents use control with still higher
protection reinforcement can be carried out.

[Brief Description of the Drawings] 

[Drawing 1] It is drawing showing the configuration of the contents use control system 
which is the gestalt of 1 operation of this invention. 

[Drawing 2] It is the flow chart which shows the internal-processing procedure of the 
copyright person system 20 shown in drawing 1 . 

[Drawing 3] It is drawing showing an example of accounting conditions and physical 
environmental specification element conditions. 

[Drawing 4] It is the flow chart which shows the internal-processing procedure of the 
contents server 30 shown in drawing 1 . 

[Drawing 5] It is the flow chart which shows the internal-processing procedure of a 
license server 40 shown in drawing 1 . 

[Drawing 6] It is drawing showing relation with the secrecy contents sent from the 
license and the copyright person system 10 which are sent from a license server 40, 
or the contents server 30. 

[Drawing 7] It is drawing showing the configuration of the LDAP system 42 shown in 
drawing 1 . 

[Drawing 8] It is drawing showing the layer logical structure of a specific use 
environment. 

[Drawing 9] It is drawing showing an example of a physical element with inclusion 
relation. 

[Drawing 10] It is the detail flowchart which shows license generation procedure.

[Drawing 11] It is the flow chart which shows the internal-processing procedure of the
user system 50 shown in drawing 1 .

[Drawing 12] It is the flow chart which shows the license decode procedure by the use 
relation specification physical element. 

[Drawing 13] It is the flow chart which shows the license decode procedure by the 
physical element of a playback device. 

[Drawing 14] It is drawing showing an example of the decode process of a license.

[Drawing 15] It is the data flow diagram showing the contents decode processing by a
license demand and license acquisition.

[Drawing 16] It is drawing showing the effect on the protection reinforcement at
the time of mounting each processing procedure in each entity of a specific use
environment.

[Drawing 17] It is drawing showing the access-control model in the former. 

[Drawing 18] It is drawing showing the outline configuration of the contents use
control system corresponding to the access-control model in the former.

[Drawing 19] It is drawing showing the improved access-control model. 

[Drawing 20] It is drawing showing the contents distribution model of the contents use
control system in the former.

[Drawing 21] It is drawing showing a contents cache possible mold model.

[Drawing 22] It is drawing showing the outline configuration of the contents use
control system corresponding to the contents cache possible mold model shown in
drawing 21 .

[Drawing 23] It is drawing showing the outline configuration of the contents use
control system which realizes a contents coincidence distribution mold model.

[Description of Notations]

1 Copyright Person 

2 User 

10 Contents Use Control System 

20 Copyright Person System 

21 Secret Contents Registration Section 

22 Right Transfer Section of Access Control 

23 ACL Setting Section

30 Contents Server

40 License Server 

41 License Authorization / Generation Section 

42 LDAP System 

43 Access Control List (ACL) 

44 Key 

50 User System 

51 Secrecy Contents Demand / Acquisition Section 

52 License Demand / Acquisition Section 

53 Specific Use Environment 

54-1 - 54-N Use environmental specification physical element

55-1 - 55-M Contents storage device

56-1 - 56-L Playback device

57-1, 59-1, 61-1 Physical element ID

58-1, 60-1, 62-1 Encryption / decryption / evaluation section




* NOTICES * 

Japan Patent Office is not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the original precisely. 

2. **** shows the word which can not be translated.

3. In the drawings, any words are not translated.

[Drawing 19]

[Drawing 22]

[Drawing 23]